State of knowledge

May 2022 

ProCall Enterprise 7.4.1

ProCall Enterprise 7.4.0.5782

Information about ProCall Enterprise 7.4.1

In ProCall release 7.4.1 () the Yealink SDK (libyealinkusbsdk.dll) for call control is no longer shipped with the installation, for the reasons listed below. Please note that even if you update from 7.4.0 to 7.4.1, the SDK will no longer be installed.

However, if you urgently need the functionality "Call control with Yealink headsets", you can ask Yealink for the SDK (libyealinkusbsdk.dll) and copy it manually into the subfolder "\driver\x86\Yealink", which you need to create in the ProCall client installation.

If you are already using version 7.4.0, you can also use this method: copy the DLL file to a temporary location before updating to 7.4.1, then copy it back after the update.

Yealink is working hard to resolve the false positive virus alerts when using "Sophos Central Intercept X Advanced with XDR".

As soon as a solution is available, the SDK will also become an official part of ProCall 7 Enterprise again.


Observation

After updating the ProCall client to version 7.4.0.5782, it no longer starts.

Sophos reports "Malicious exploit ROP in estos ProCall".

Reason

ProCall version 7.4.0.5782 includes the new feature "Yealink Headset HID support". A Yealink SDK was included for this purpose:

C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink → libyealinkusbsdk.dll

What has estos undertaken

We scanned the DLL with VirusTotal and nothing malicious was found:

https://www.virustotal.com/gui/file/0304941c189536da808287cace6418591b64be97e044382e318f4b4bd56a8154

We have contacted Yealink; feedback on this is still pending.

What you can do

Report it to Sophos to whitelist this DLL.

Workaround

There are the following three options:

  • Create an exception in Sophos.
  • Set a registry key so that the SDK is not loaded when the ProCall client is started:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\CtiMain]
    "AVAudioExcludeHidSdk0"="Yealink"

  • Delete the following folder containing the SDK on the client (not update-safe):

C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink
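
Before excluding the DLL in Sophos or copying it back after an update, it is worth confirming that the file on the client is the one estos submitted to VirusTotal. The following PowerShell sketch is an added example, not estos or Yealink code: it compares the DLL's SHA-256 with the hash in the VirusTotal link above and, if they differ, applies the registry workaround from this article. The function names and the "disable on mismatch" policy are assumptions made for illustration; a different hash only means the file is not the scanned build, for example a newer SDK obtained from Yealink.

```powershell
# Added example. Path, hash and registry value are taken from the article;
# function names and the mismatch policy are illustrative assumptions.
$DllPath = 'C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink\libyealinkusbsdk.dll'
# SHA-256 from the VirusTotal link in the article (the file estos scanned).
$ScannedSha256 = '0304941c189536da808287cace6418591b64be97e044382e318f4b4bd56a8154'
# HKCU is per user: run this in the session of the user who starts ProCall.
$RegKey = 'HKCU:\SOFTWARE\ESTOS\UCServer4\CtiMain'

function Test-YealinkSdk {
    param([string]$Path, [string]$ExpectedSha256)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Present = $false; Sha256 = $null; MatchesScanned = $false; Signature = $null
        }
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # Report the Authenticode status as found; this does not assume the DLL is signed.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Present        = $true
        Sha256         = $hash.ToLower()
        MatchesScanned = ($hash -eq $ExpectedSha256)   # -eq ignores case
        Signature      = $sig.Status
    }
}

function Disable-YealinkSdkLoad {
    param([string]$Key)
    # Create the key only if it is missing: New-Item -Force on an existing
    # registry key would recreate it and drop its other values.
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name 'AVAudioExcludeHidSdk0' -Value 'Yealink' `
        -PropertyType String -Force | Out-Null
}

$result = Test-YealinkSdk -Path $DllPath -ExpectedSha256 $ScannedSha256
$result | Format-List

if ($result.Present -and -not $result.MatchesScanned) {
    Write-Warning 'DLL is not the file scanned on VirusTotal; keeping the SDK unloaded until it is reviewed.'
    Disable-YealinkSdkLoad -Key $RegKey
}
```

To let the client load the SDK again after the file has been reviewed, remove the `AVAudioExcludeHidSdk0` value from the same key.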